TL;DR:
Signature validation performs as designed. We are looking into issues on a case-by-case basis. We are not blind to the issues the community is facing, but we have to find a solution that alleviates security concerns as well as user inconvenience.
Wall of text:
As mentioned, almost all community projects violate the TOS to a certain degree. However, so far Roblox has chosen to avoid antagonizing the community by targeting these projects purposefully. The only exception was Wine, as it simply was not maintainable without severely compromising security on Windows (I have written about it extensively here on the forum).
Bloxstrap is less of an issue because it neither injects into the process nor does it perform any kind of repackaging. We haven’t blocked Sober because we don’t see a reason for it. However, I did make it clear to the Sober community that we might render it non-functional as a side effect of increased security as Sober is not officially supported by Roblox.
The same is true for all forms of custom shaders; we don’t explicitly block them (although we have seen shaders being used for cheating), but we can’t just allow random modules to be injected into our process space either, especially since our lenient handling of signed modules was the main attack vector of pretty much all recent Windows exploits.
Last but not least, there is a mix-up of non-Windows and Windows issues here in this thread. While it is true that we have seen a rise in Windows exploits and therefore we had to act on it, the majority of exploiters observed in the wild actually cheat from lesser protected platforms, so arguments such as “the new signature validation didn’t help, I still see an increase in cheating” are flawed if not taking the cheaters’ client platform into account.
This pretty much sums up everything that we have to say on this topic at this point in time. Thank you for reading.